Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upgrade to libddwaf-java 9.1.1 #6846

Merged
merged 1 commit into from Mar 27, 2024
Merged

Upgrade to libddwaf-java 9.1.1 #6846

merged 1 commit into from Mar 27, 2024

Conversation

smola
Copy link
Member

@smola smola commented Mar 26, 2024
edited

What Does This Do

  • Upgrade to libddwaf-java 9.1.0. There are no changes to libddwaf itself or bindings code here, only build changes. libc++ was upgraded too.
  • These builds are smaller, saving 535KB on our final dd-java-agent.jar. Also resulting in faster initialization.

Motivation

Additional Notes

Jira ticket: [PROJ-IDENT]

@smola smola added the comp: asm waf Application Security Management (WAF) label Mar 26, 2024
@pr-commenter
Copy link

pr-commenter bot commented Mar 26, 2024
edited

Benchmarks

Startup

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master smola/libddwaf-java-9.1.0
git_commit_date 1711475656 1711525685
git_commit_sha 87afba4 f3ead03
release_version 1.32.0-SNAPSHOT~87afba42c6 1.32.0-SNAPSHOT~f3ead03f01
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1711529026 1711529026
ci_job_id 470442773 470442773
ci_pipeline_id 30896775 30896775
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
module Agent Agent
parent None None
variant iast iast

Summary

Found 1 performance improvements and 0 performance regressions! Performance is the same for 46 metrics, 16 unstable metrics.

scenario Δ mean execution_time candidate mean execution_time baseline mean execution_time
scenario:startup:petclinic:appsec:AppSec better
[-5.493ms; -4.010ms] or [-3.568%; -2.605%]		 149.204ms 153.956ms
Startup time reports for petclinic 
gantt
    title petclinic - global startup overhead: candidate=1.32.0-SNAPSHOT~f3ead03f01, baseline=1.32.0-SNAPSHOT~87afba42c6

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.075 s) : 0, 1075342
Total [baseline] (10.453 s) : 0, 10453365
Agent [candidate] (1.075 s) : 0, 1075037
Total [candidate] (10.448 s) : 0, 10448142
section appsec
Agent [baseline] (1.206 s) : 0, 1205573
Total [baseline] (10.558 s) : 0, 10558094
Agent [candidate] (1.196 s) : 0, 1195831
Total [candidate] (10.533 s) : 0, 10532786
section iast
Agent [baseline] (1.199 s) : 0, 1198576
Total [baseline] (11.017 s) : 0, 11016994
Agent [candidate] (1.2 s) : 0, 1200065
Total [candidate] (10.965 s) : 0, 10965406
section profiling
Agent [baseline] (1.27 s) : 0, 1269642
Total [baseline] (10.602 s) : 0, 10602303
Agent [candidate] (1.279 s) : 0, 1279000
Total [candidate] (10.684 s) : 0, 10684077
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.075 s -
Agent appsec 1.206 s 130.23 ms (12.1%)
Agent iast 1.199 s 123.234 ms (11.5%)
Agent profiling 1.27 s 194.299 ms (18.1%)
Total tracing 10.453 s -
Total appsec 10.558 s 104.729 ms (1.0%)
Total iast 11.017 s 563.629 ms (5.4%)
Total profiling 10.602 s 148.938 ms (1.4%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.075 s -
Agent appsec 1.196 s 120.794 ms (11.2%)
Agent iast 1.2 s 125.028 ms (11.6%)
Agent profiling 1.279 s 203.962 ms (19.0%)
Total tracing 10.448 s -
Total appsec 10.533 s 84.644 ms (0.8%)
Total iast 10.965 s 517.264 ms (5.0%)
Total profiling 10.684 s 235.935 ms (2.3%) 
gantt
    title petclinic - break down per module: candidate=1.32.0-SNAPSHOT~f3ead03f01, baseline=1.32.0-SNAPSHOT~87afba42c6

    dateFormat X
    axisFormat %s
section tracing
BytebuddyAgent [baseline] (686.083 ms) : 0, 686083
BytebuddyAgent [candidate] (684.685 ms) : 0, 684685
GlobalTracer [baseline] (297.06 ms) : 0, 297060
GlobalTracer [candidate] (297.981 ms) : 0, 297981
AppSec [baseline] (49.268 ms) : 0, 49268
AppSec [candidate] (49.396 ms) : 0, 49396
Remote Config [baseline] (1.069 ms) : 0, 1069
Remote Config [candidate] (1.065 ms) : 0, 1065
Telemetry [baseline] (7.421 ms) : 0, 7421
Telemetry [candidate] (7.597 ms) : 0, 7597
section appsec
BytebuddyAgent [baseline] (698.187 ms) : 0, 698187
BytebuddyAgent [candidate] (693.992 ms) : 0, 693992
GlobalTracer [baseline] (292.883 ms) : 0, 292883
GlobalTracer [candidate] (292.166 ms) : 0, 292166
AppSec [baseline] (153.956 ms) : 0, 153956
AppSec [candidate] (149.204 ms) : 0, 149204
IAST [baseline] (18.609 ms) : 0, 18609
IAST [candidate] (18.721 ms) : 0, 18721
Remote Config [baseline] (605.424 µs) : 0, 605
Remote Config [candidate] (602.859 µs) : 0, 603
Telemetry [baseline] (6.769 ms) : 0, 6769
Telemetry [candidate] (6.771 ms) : 0, 6771
section iast
BytebuddyAgent [baseline] (793.403 ms) : 0, 793403
BytebuddyAgent [candidate] (794.219 ms) : 0, 794219
GlobalTracer [baseline] (288.727 ms) : 0, 288727
GlobalTracer [candidate] (289.838 ms) : 0, 289838
AppSec [baseline] (50.308 ms) : 0, 50308
AppSec [candidate] (50.383 ms) : 0, 50383
IAST [baseline] (22.916 ms) : 0, 22916
IAST [candidate] (24.114 ms) : 0, 24114
Remote Config [baseline] (587.331 µs) : 0, 587
Remote Config [candidate] (586.718 µs) : 0, 587
Telemetry [baseline] (8.244 ms) : 0, 8244
Telemetry [candidate] (6.577 ms) : 0, 6577
section profiling
BytebuddyAgent [baseline] (677.205 ms) : 0, 677205
BytebuddyAgent [candidate] (683.038 ms) : 0, 683038
GlobalTracer [baseline] (380.463 ms) : 0, 380463
GlobalTracer [candidate] (383.93 ms) : 0, 383930
AppSec [baseline] (49.907 ms) : 0, 49907
AppSec [candidate] (50.485 ms) : 0, 50485
Remote Config [baseline] (859.54 µs) : 0, 860
Remote Config [candidate] (858.515 µs) : 0, 859
Telemetry [baseline] (7.466 ms) : 0, 7466
Telemetry [candidate] (7.543 ms) : 0, 7543
ProfilingAgent [baseline] (97.231 ms) : 0, 97231
ProfilingAgent [candidate] (96.35 ms) : 0, 96350
Profiling [baseline] (97.256 ms) : 0, 97256
Profiling [candidate] (96.374 ms) : 0, 96374
Startup time reports for insecure-bank 
gantt
    title insecure-bank - global startup overhead: candidate=1.32.0-SNAPSHOT~f3ead03f01, baseline=1.32.0-SNAPSHOT~87afba42c6

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.074 s) : 0, 1073632
Total [baseline] (8.566 s) : 0, 8565690
Agent [candidate] (1.077 s) : 0, 1077152
Total [candidate] (8.575 s) : 0, 8575356
section iast
Agent [baseline] (1.234 s) : 0, 1233788
Total [baseline] (9.159 s) : 0, 9159414
Agent [candidate] (1.199 s) : 0, 1198697
Total [candidate] (9.111 s) : 0, 9111418
section iast_HARDCODED_SECRET_DISABLED
Agent [baseline] (1.197 s) : 0, 1196998
Total [baseline] (9.053 s) : 0, 9053311
Agent [candidate] (1.211 s) : 0, 1210579
Total [candidate] (9.121 s) : 0, 9121153
section iast_TELEMETRY_OFF
Agent [baseline] (1.196 s) : 0, 1196118
Total [baseline] (9.077 s) : 0, 9077435
Agent [candidate] (1.197 s) : 0, 1197355
Total [candidate] (9.064 s) : 0, 9064169
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.074 s -
Agent iast 1.234 s 160.157 ms (14.9%)
Agent iast_HARDCODED_SECRET_DISABLED 1.197 s 123.366 ms (11.5%)
Agent iast_TELEMETRY_OFF 1.196 s 122.486 ms (11.4%)
Total tracing 8.566 s -
Total iast 9.159 s 593.724 ms (6.9%)
Total iast_HARDCODED_SECRET_DISABLED 9.053 s 487.621 ms (5.7%)
Total iast_TELEMETRY_OFF 9.077 s 511.745 ms (6.0%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.077 s -
Agent iast 1.199 s 121.545 ms (11.3%)
Agent iast_HARDCODED_SECRET_DISABLED 1.211 s 133.426 ms (12.4%)
Agent iast_TELEMETRY_OFF 1.197 s 120.203 ms (11.2%)
Total tracing 8.575 s -
Total iast 9.111 s 536.063 ms (6.3%)
Total iast_HARDCODED_SECRET_DISABLED 9.121 s 545.797 ms (6.4%)
Total iast_TELEMETRY_OFF 9.064 s 488.814 ms (5.7%) 
gantt
    title insecure-bank - break down per module: candidate=1.32.0-SNAPSHOT~f3ead03f01, baseline=1.32.0-SNAPSHOT~87afba42c6

    dateFormat X
    axisFormat %s
section tracing
BytebuddyAgent [baseline] (684.297 ms) : 0, 684297
BytebuddyAgent [candidate] (686.04 ms) : 0, 686040
GlobalTracer [baseline] (296.965 ms) : 0, 296965
GlobalTracer [candidate] (298.887 ms) : 0, 298887
AppSec [baseline] (49.418 ms) : 0, 49418
AppSec [candidate] (49.266 ms) : 0, 49266
Remote Config [baseline] (1.057 ms) : 0, 1057
Remote Config [candidate] (1.047 ms) : 0, 1047
Telemetry [baseline] (7.471 ms) : 0, 7471
Telemetry [candidate] (7.481 ms) : 0, 7481
section iast
BytebuddyAgent [baseline] (817.755 ms) : 0, 817755
BytebuddyAgent [candidate] (793.63 ms) : 0, 793630
GlobalTracer [baseline] (296.366 ms) : 0, 296366
GlobalTracer [candidate] (288.753 ms) : 0, 288753
AppSec [baseline] (52.418 ms) : 0, 52418
AppSec [candidate] (49.396 ms) : 0, 49396
IAST [baseline] (24.463 ms) : 0, 24463
IAST [candidate] (23.633 ms) : 0, 23633
Remote Config [baseline] (601.52 µs) : 0, 602
Remote Config [candidate] (581.1 µs) : 0, 581
Telemetry [baseline] (6.861 ms) : 0, 6861
Telemetry [candidate] (8.22 ms) : 0, 8220
section iast_HARDCODED_SECRET_DISABLED
BytebuddyAgent [baseline] (792.584 ms) : 0, 792584
BytebuddyAgent [candidate] (800.673 ms) : 0, 800673
GlobalTracer [baseline] (288.499 ms) : 0, 288499
GlobalTracer [candidate] (292.093 ms) : 0, 292093
AppSec [baseline] (50.124 ms) : 0, 50124
AppSec [candidate] (48.575 ms) : 0, 48575
IAST [baseline] (23.496 ms) : 0, 23496
IAST [candidate] (24.797 ms) : 0, 24797
Remote Config [baseline] (582.505 µs) : 0, 583
Remote Config [candidate] (609.565 µs) : 0, 610
Telemetry [baseline] (7.433 ms) : 0, 7433
Telemetry [candidate] (8.976 ms) : 0, 8976
section iast_TELEMETRY_OFF
BytebuddyAgent [baseline] (791.231 ms) : 0, 791231
BytebuddyAgent [candidate] (791.117 ms) : 0, 791117
GlobalTracer [baseline] (289.33 ms) : 0, 289330
GlobalTracer [candidate] (290.469 ms) : 0, 290469
AppSec [baseline] (49.0 ms) : 0, 49000
AppSec [candidate] (50.991 ms) : 0, 50991
IAST [baseline] (24.914 ms) : 0, 24914
IAST [candidate] (22.498 ms) : 0, 22498
Remote Config [baseline] (583.002 µs) : 0, 583
Remote Config [candidate] (584.52 µs) : 0, 585
Telemetry [baseline] (6.562 ms) : 0, 6562
Telemetry [candidate] (7.312 ms) : 0, 7312

Load

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
end_time 2024-03-27T08:15:53 2024-03-27T08:38:00
git_branch master smola/libddwaf-java-9.1.0
git_commit_date 1711475656 1711525685
git_commit_sha 87afba4 f3ead03
release_version 1.32.0-SNAPSHOT~87afba42c6 1.32.0-SNAPSHOT~f3ead03f01
start_time 2024-03-27T08:15:40 2024-03-27T08:37:47
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1711529026 1711529026
ci_job_id 470442773 470442773
ci_pipeline_id 30896775 30896775
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
variant iast iast

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 12 metrics, 16 unstable metrics.

Request duration reports for petclinic 
gantt
    title petclinic - request duration [CI 0.99] : candidate=1.32.0-SNAPSHOT~f3ead03f01, baseline=1.32.0-SNAPSHOT~87afba42c6
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.351 ms) : 1331, 1371
.   : milestone, 1351,
appsec (1.741 ms) : 1716, 1765
.   : milestone, 1741,
appsec_no_iast (1.756 ms) : 1732, 1780
.   : milestone, 1756,
iast (1.484 ms) : 1461, 1508
.   : milestone, 1484,
profiling (1.506 ms) : 1481, 1531
.   : milestone, 1506,
tracing (1.497 ms) : 1473, 1522
.   : milestone, 1497,
section candidate
no_agent (1.367 ms) : 1348, 1386
.   : milestone, 1367,
appsec (1.711 ms) : 1685, 1736
.   : milestone, 1711,
appsec_no_iast (1.742 ms) : 1718, 1767
.   : milestone, 1742,
iast (1.489 ms) : 1466, 1511
.   : milestone, 1489,
profiling (1.5 ms) : 1476, 1524
.   : milestone, 1500,
tracing (1.476 ms) : 1452, 1501
.   : milestone, 1476,
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 1.351 ms [1.331 ms, 1.371 ms] -
appsec 1.741 ms [1.716 ms, 1.765 ms] 389.665 µs (28.8%)
appsec_no_iast 1.756 ms [1.732 ms, 1.78 ms] 404.94 µs (30.0%)
iast 1.484 ms [1.461 ms, 1.508 ms] 133.374 µs (9.9%)
profiling 1.506 ms [1.481 ms, 1.531 ms] 154.865 µs (11.5%)
tracing 1.497 ms [1.473 ms, 1.522 ms] 146.453 µs (10.8%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 1.367 ms [1.348 ms, 1.386 ms] -
appsec 1.711 ms [1.685 ms, 1.736 ms] 343.865 µs (25.2%)
appsec_no_iast 1.742 ms [1.718 ms, 1.767 ms] 375.483 µs (27.5%)
iast 1.489 ms [1.466 ms, 1.511 ms] 121.643 µs (8.9%)
profiling 1.5 ms [1.476 ms, 1.524 ms] 132.979 µs (9.7%)
tracing 1.476 ms [1.452 ms, 1.501 ms] 109.355 µs (8.0%)
Request duration reports for insecure-bank 
gantt
    title insecure-bank - request duration [CI 0.99] : candidate=1.32.0-SNAPSHOT~f3ead03f01, baseline=1.32.0-SNAPSHOT~87afba42c6
    dateFormat X
    axisFormat %s
section baseline
no_agent (369.75 µs) : 350, 390
.   : milestone, 370,
iast (474.077 µs) : 454, 495
.   : milestone, 474,
iast_FULL (543.0 µs) : 522, 564
.   : milestone, 543,
iast_GLOBAL (493.389 µs) : 473, 514
.   : milestone, 493,
iast_HARDCODED_SECRET_DISABLED (477.809 µs) : 457, 498
.   : milestone, 478,
iast_INACTIVE (455.723 µs) : 434, 477
.   : milestone, 456,
iast_TELEMETRY_OFF (474.16 µs) : 453, 495
.   : milestone, 474,
tracing (449.341 µs) : 428, 470
.   : milestone, 449,
section candidate
no_agent (369.984 µs) : 350, 390
.   : milestone, 370,
iast (477.12 µs) : 456, 498
.   : milestone, 477,
iast_FULL (549.514 µs) : 529, 570
.   : milestone, 550,
iast_GLOBAL (499.913 µs) : 479, 521
.   : milestone, 500,
iast_HARDCODED_SECRET_DISABLED (476.578 µs) : 456, 497
.   : milestone, 477,
iast_INACTIVE (449.035 µs) : 428, 470
.   : milestone, 449,
iast_TELEMETRY_OFF (469.113 µs) : 449, 490
.   : milestone, 469,
tracing (446.289 µs) : 425, 467
.   : milestone, 446,
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 369.75 µs [349.831 µs, 389.669 µs] -
iast 474.077 µs [453.556 µs, 494.598 µs] 104.327 µs (28.2%)
iast_FULL 543.0 µs [522.424 µs, 563.575 µs] 173.25 µs (46.9%)
iast_GLOBAL 493.389 µs [472.876 µs, 513.903 µs] 123.639 µs (33.4%)
iast_HARDCODED_SECRET_DISABLED 477.809 µs [457.167 µs, 498.451 µs] 108.059 µs (29.2%)
iast_INACTIVE 455.723 µs [434.348 µs, 477.098 µs] 85.973 µs (23.3%)
iast_TELEMETRY_OFF 474.16 µs [453.182 µs, 495.138 µs] 104.41 µs (28.2%)
tracing 449.341 µs [428.269 µs, 470.413 µs] 79.591 µs (21.5%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 369.984 µs [350.101 µs, 389.868 µs] -
iast 477.12 µs [456.498 µs, 497.742 µs] 107.135 µs (29.0%)
iast_FULL 549.514 µs [529.206 µs, 569.821 µs] 179.529 µs (48.5%)
iast_GLOBAL 499.913 µs [478.944 µs, 520.882 µs] 129.928 µs (35.1%)
iast_HARDCODED_SECRET_DISABLED 476.578 µs [455.931 µs, 497.224 µs] 106.593 µs (28.8%)
iast_INACTIVE 449.035 µs [428.404 µs, 469.666 µs] 79.05 µs (21.4%)
iast_TELEMETRY_OFF 469.113 µs [448.653 µs, 489.572 µs] 99.128 µs (26.8%)
tracing 446.289 µs [425.203 µs, 467.375 µs] 76.304 µs (20.6%)

@smola smola force-pushed the smola/libddwaf-java-9.1.0 branch from 7cb5b34 to 25fad8d Compare March 26, 2024 14:18
@smola smola force-pushed the smola/libddwaf-java-9.1.0 branch from 25fad8d to f3ead03 Compare March 27, 2024 07:48
@smola smola changed the title Upgrade to libddwaf-java 9.1.0 Upgrade to libddwaf-java 9.1.1 Mar 27, 2024
@smola smola marked this pull request as ready for review March 27, 2024 09:53
@smola smola requested a review from a team as a code owner March 27, 2024 09:53
@smola smola merged commit a530eb6 into master Mar 27, 2024
80 checks passed
@smola smola deleted the smola/libddwaf-java-9.1.0 branch March 27, 2024 11:34
@github-actions github-actions bot added this to the 1.32.0 milestone Mar 27, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@manuel-alvarez-alvarez manuel-alvarez-alvarez manuel-alvarez-alvarez approved these changes

@ValentinZakharov ValentinZakharov Awaiting requested review from ValentinZakharov ValentinZakharov is a code owner automatically assigned from DataDog/asm-java

Assignees
No one assigned
Labels
comp: asm waf Application Security Management (WAF)
Projects
None yet
Milestone
1.32.0
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@smola @manuel-alvarez-alvarez